1984 or Greater Good?

I’m not going to use the “U” word. I refuse to. It’s already overused so I’ll go with: we are in exceptional times and, after 7 weeks, I guess, we’re all at a point where we’d all like to get back to how things were as quickly as possible. A Pipe dream, perhaps.

To proceed and work with the “new normal”, which, for the purposes of this piece, I’d like for us to suspend some disbelief and imagine this to be how things were in, say, 2019, we need a vaccine. In the absence of these things, one of the main points of the government’s plan in easing the current restrictions and social distancing measures is the use of contact tracing. Contact tracing has already been used in other countries, such as Singapore and South Korea to monitor and manage the spread of the infection and our (UK) NHSX App is being trialled on the Isle of Wight as of 5th May 2020.

NHSX have developed their own systems to help trace the spread of the virus as has the joint force of Apple and Google. The latter collaboration believe that their app is more secure and affords a high level of privacy to its users as the data collection is at handset level by the use of key codes and consent.

Alternatively, NHSX app uses a centralised approach to work out which phones have matched, which will they believe, give a more holistic view of the virus spread, allowing them to change the app and its processes as it gathers more data. This centralised model however could lead to anonymous data becoming personal data as they collect more data centrally.

It would seem that these apps will be here to stay, at least until a workable vaccine has been developed. The use of any app of this nature raises serious questions regarding privacy and purpose. A few of these questions must be taken seriously, if the public are going to trust such a perceived intrusion. There are a few concerns and questions that must be asked.

The NHSX have already stated in their recent blog on the 24th April that future releases of the app will contain the option to provide further information. This further information will then turn the ‘anonymous’ data into personal data and as with any technology solution as the scope creeps so does the purpose….

However, the privacy concerns that the app raises are not entirely new but it does raise a new and confusing question. Why, in the midst of this crisis are the UK government and NHS doing something different to other countries with the use of the centralised model. The ICO has already said that the decentralised model is more in line with the principles of Data Protection. If there is good technology already on the table why not take it?

Ultimately, it will be how the app and the data it collects, is governed, shared and protected that will determine its overall security and trustworthiness. If people don’t trust how their data is used and understand fully how tracing aspect works then there is a danger that people will not engage with the app and its purpose.

Throughout this pandemic the UK government has relied heavily of the goodwill of its citizens adhering to social distancing and isolation, let’s be honest there’s been limited reports of fines and the measures have not been as restrictive as our European neighbours in Spain or Italy (despite the UK following a similar trajectory). The use of this app and the data inputted is also determined by the goodwill of the user for it to become measurable. As such, the definitive question must be, where does the use of this app feature on your own personal Risk Register?

Is this a case of Big Brother watching, or can we write off the risk as it’s for the greater good of the nation?

We’ll post this to blog to our LinkedIn and would love to hear your thoughts.